Information Security Manager

Posted a month ago

  • Bristol, South West England
  • Any
  • External
  • Expires In 2 months
Key stakeholders: Tech team, Support, Operations, Product, IT Operations Manager, Legal Counsel, Executive team

Organisational Framework Level: 4 – Senior Technical

About you

As Information Security Manager you will be fully responsible for all our information security policies, processes, and programmes to provide assurance of ongoing statutory and regulatory compliance, to monitor and maintain our ISO 27001 Information Security Management System, work on future security standard implementation plans and help support our clients' Information Security and Information Governance requirements.

Job purpose

  • Ensure secure and efficient scaling of our information security practices, to meet our ambitious growth plans
  • Deliver world-class software, services, and customer success using information security best practices
  • Creating a security-first culture through your influence, mentoring & coaching

Key responsibilities

  • Ensure an ongoing culture of information security throughout Clue, including all new joiners
  • Keeping up to date with developments in IT security standards and threats
  • Arranging penetration tests and ensuring remediation of any findings in line with our SLAs
  • Documenting any security breaches and assessing their damage
  • Ensure we have passed all ISO 27001 internal and external audits ensuring that the ISMS is established, implemented, maintained, and continually improved in accordance with the requirements of the standard
  • Identify, manage & drive the Risk Assessment process, working with stakeholders to reduce risk to a minimum acceptable level
  • Operational management of Clue’s ISMS in line with ISO (27001) standards, GDPR, Business Continuity, Disaster Recovery and Audit functions
  • Carrying out Internal Audits to ensure that Security controls are effective
  • Conduct a continuous assessment of current Security Practices and Systems, identifying areas for improvement
  • Perform Security Risk Assessments and identify ways to minimise threats
  • Creation of new information security strategies, project execution and implementation of initiatives
  • Incorporate information security requirements into the daily business operations and ensure subsequent processes are supported and audited
  • Ensuring that the correct level of antivirus & malware software is present on all relevant hardware
  • Translate security risks into actionable requirements and maintain the InfoSec risk register
  • Creating reports on Information Security areas including status reports and Incident reports
  • Developing and rolling out a continual programme of information security education across all Clue employees and contractors
  • Responsible for identification and analysis of information security related nonconformities, working with the relevant departments to improve practices where necessary
  • Monitoring and reporting of ISMS performance to senior leadership team
  • Producing a suite of technical documentation that sets out Clue’s approach and systems to ensure information security, for sending to customers and partners
  • Helping the sales team respond to due diligence questionnaires and technical queries from customers and prospects, providing content to a central knowledge hub
  • Conducting Clue DPIAs and contributing towards customer DPIAs and collaborating closely with the DPO on all aspects of data protection compliance

Key role measures

  • You will be responsible for reporting to the exec team on all information security aspects, such as risk management, pen test results, scorecards etc.
  • You will be responsible for the security optimisation and ongoing information security health of operating our cloud platform at scale
  • You will be responsible for ensuring all information security risks are mitigated or accepted by the relevant exec owner
  • You will be responsible for ensuring we maintain compliance to current & future standards in line with business aspirations (ISO 27001, NIST etc.)

Experience and skills

Our ideal candidate would have experience in the following areas:

  • Previous experience in working with/establishing an ISMS and the identification, mitigation and management of risk and security, ideally within a SaaS organisation
  • Excellent understanding of Data Protection and GDPR
  • Management of InfoSec risk register, assessment, and mitigation of treatment plans
  • Ability to work independently and manage a variety of projects simultaneously
  • Proven ability to establish and implement information security policies and procedures
  • Ability to display strong verbal and written communication skills, especially involving technical documentation and report writing
  • Demonstrate up-to-date knowledge and understanding of the information security threat landscape and associated countermeasures
  • Hold a current information security certification such as ISACA Certified Information Security Manager (CISM)
  • Knowledge of cloud provider design principles & security models, like Azure Well-Architected frameworks, Zero Trust etc.

Diversity, Equity and Inclusion

If you’re excited about this role but your experience doesn’t align perfectly, we encourage you to apply anyway and tell us more about yourself. You may be just the right candidate for this or other roles.

We believe that seeing the world from all sorts of angles makes life better for all. We want you to know that the things that make you an individual, like your identity, age, ethnicity, religion, ability and background, are things that we choose to celebrate and support.

We are a scale-up company, and as we continue to grow, we are passionate that having a diverse, inclusive and authentic workplace will remain at our core. We are creating an inclusive environment where our people can thrive.

Our values are aligned and at the heart of everything we do. We are respectful, united, rigorous, relentless and ethical.

Clue provides software for a safer society.

Investigations professionals use Clue to conduct enhanced end-to-end operations enabled by proactive threat detection and prevention, operational pace and confidence in decision-making.

Clue is trusted by a diverse and global investigations community dedicated to preventing harm and bringing justice to victims in society, spanning government, corporate, law enforcement, not-for-profit and sports organisations.